Apple root hole. [A fix is released]

29 / 11 / 2017

Yesterday a serious macOS security flaw was discovered: anyone can effortlessly log in to your account by simply typing [root] in the login field.

UPD: Apple just published HT208315; the update, titled Security Update 2017-001, patches the breach. If you use macOS High Sierra, install updates as soon as possible.

How does it work?

The latest version of High Sierra allows anyone to guess the password for root, the most powerful macOS system administration account. They type root in a login field and hit [enter], leaving the password field blank. This bypasses the account password and logs them in to your Mac.

Very few macOS users log in as root, which is why Apple didn’t set a password for it. However, a password is a must-have for a secure root account, and a randomly generated password is preferable.

What are the risks?

Once logged in with root privileges, an intruder has complete access to your Mac’s system and all your personal files.

How to fix it

Option 1
The MacKeeper team has created an automated script that fixes the Apple root hole. All you need to do is download the script to your Mac and run it.

 

 

If you experience any difficulties setting up the root password – either manually or with the MacKeeper script – call us at +1(800)983-30-79 (USA/CA toll-free). Our Customer Happiness Team will provide you with all the necessary instructions and ensure your Mac stays safe.

 

Option 2
You can easily check and fix this security hole by yourself:
1) Open the Terminal window, paste the passwd root command, and hit [enter] three times.

$ passwd root
Old Password: [hit enter to assume it's blank]
New Password: [hit enter to assume that it's blank]
Retype New Password: [hit enter to assume that it's blank]

If you see an error like this…

passwd: authentication token failure

…there’s nothing to worry about – you don’t have a blank root password.

2) Otherwise, if you see no message at all, your root password is still blank. Run the same command again:

$ passwd root

But this time hit [enter] once, create your root password, and enter it in both the “New Password” and “Retype New Password” fields. After this, you’ll see the following:

$ passwd root
Old Password: [hit enter]
New Password: **************
Retype New Password: ***************
$

 
